New: Threat Exposure Validation Impact Report 2025
Learn More
Join our Summer Webinar Series on Threat Exposure Validation
Register Now
Come meet us at Black Hat USA 2025 | Booth 1640
Book a Meeting

Gamaredon Abuses Telegram To Target Ukrainian Government Organizations

January 24, 2023

The Gamaredon APT group was discovered targeting Ukrainian government entities using the Telegram messaging service to avoid traditional network detection.
The Telegram messaging application was used in several stages, from victim profiling to delivering the final payload.
The initial infection vector was weaponized spear-phishing documents written in the Russian and Ukrainian languages.
The threat actor exploited a remote template injection vulnerability to compromise adversarial infrastructure with malware and bypass Microsoft Word macro protection.
After the malicious document was opened, the malware downloaded a Visual Basic script from a specific address which connected to a Telegram account to get additional instructions.